Leveraging Host Information Profile (HIP)

Community Team Member

Read about leveraging Host Information Profile (HIP) to prevent insecure hosts from accessing your network. Kiwi goes in depth about the ins and outs of Host Information Profiles, how HIP works with GlobalProtect, and how to access this technology. Got questions? Get answers on LIVEcommunity.

 

You may have configured the strictest rules on your corporate network border. If you allow insecure hosts on your network, then you might as well just throw your firewall in the trash.

 

Today’s mobile workforce often requires access to corporate resources from external locations, such as airports, coffee shops, hotels, and from a variety of endpoints—both company-provisioned and personal.  This means you must logically extend your network’s security to your endpoints to ensure security enforcement.

 

What is Host Information Profile (HIP)?

The Host Information Profile (HIP) feature allows you to collect information about the security status of your endpoints and to decide whether to allow or deny access to a specific host based on its adherence to the host policies you define.

 

How does HIP work exactly?

The GlobalProtect app collects information about the host it is running on. The app then submits this host information to the GlobalProtect gateway upon successful connection. The gateway matches this raw host information submitted by the app against any HIP objects and the HIP profiles that you have defined. If it finds a match, it generates an entry in the HIP match log. Additionally, if it finds a HIP profile match in a policy rule, it enforces the corresponding security policy.

 

This enables granular security that ensures the remote hosts accessing your network resources are adequately maintained and adhere to your security standards before they are allowed access. For instance, you could enforce that endpoints have a minimum version of anti-virus software installed before they are allowed access to your resources.

 

HIP objects and HIP profiles

You define which host attributes you are interested in monitoring and/or using for policy enforcement by creating HIP objects and HIP profiles on the gateway(s).

 

  • HIP objects are the criteria used to filter out the host information you are interested in using to enforce policy from the raw data reported by the app.

Figure: HIP Object Creation

 

 

  • A HIP Profile is a collection of HIP objects that are evaluated together, either for monitoring or for security policy enforcement.

Figure: HIP Object Profile Builder
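
A simplified Python model of the evaluation flow described above: a host report is matched against HIP objects, objects are grouped into HIP profiles, and a matching profile selects a policy action. This is an added example, not Palo Alto Networks code or configuration. The report field names, object and profile names, rule actions, and the "all objects must match" and default-deny semantics are assumptions of this model.

```python
from dataclasses import dataclass
from typing import Callable

def parse_version(text):
    """Dotted numeric version -> tuple, so '10.2' > '9.9' (a string compare gets this wrong)."""
    try:
        return tuple(int(part) for part in str(text).split("."))
    except ValueError:
        return None  # unparsable version: caller treats it as no match

@dataclass
class HipObject:          # criteria applied to the raw host report
    name: str
    matches: Callable[[dict], bool]

@dataclass
class HipProfile:         # HIP objects evaluated together (all must match in this model)
    name: str
    objects: list

def av_at_least(minimum):
    def matches(report):
        av = report.get("anti-virus") or {}   # category not reported -> no match
        have = parse_version(av.get("version", ""))
        return bool(av.get("installed")) and have is not None and have >= parse_version(minimum)
    return matches

def disk_encrypted(report):
    return (report.get("disk-encryption") or {}).get("state") == "encrypted"

def hip_matches(report, profiles):
    """Names of matching profiles: what this model would write to a HIP match log."""
    return [p.name for p in profiles if all(o.matches(report) for o in p.objects)]

def decide(report, profiles, rules):
    """rules: ordered (required profile, action) pairs; first hit wins, else deny."""
    matched = set(hip_matches(report, profiles))
    return next((action for profile, action in rules if profile in matched), "deny")

# Constructed sample data (hypothetical names and field layout)
PROFILES = [
    HipProfile("corp-compliant", [HipObject("av-min-10.0", av_at_least("10.0")),
                                  HipObject("disk-enc", disk_encrypted)]),
    HipProfile("av-only", [HipObject("av-min-10.0", av_at_least("10.0"))]),
]
RULES = [("corp-compliant", "allow-internal"), ("av-only", "allow-webmail-only")]
LAPTOP = {"anti-virus": {"installed": True, "version": "10.2"},
          "disk-encryption": {"state": "encrypted"}}
BYOD = {"anti-virus": {"installed": True, "version": "10.2"}}
STALE = {"anti-virus": {"installed": True, "version": "9.9"},
         "disk-encryption": {"state": "encrypted"}}
```

The `STALE` host shows why the minimum-version check compares numeric tuples: as strings, "9.9" sorts after "10.0" and the outdated endpoint would pass.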

 

 

For more details on the actual information that's being gathered, check out the following TechDocs article: What Data Does the GlobalProtect App Collect? 

 

To use the HIP feature, you must have a GlobalProtect subscription license on each gateway that will perform HIP checks. 

For more information on licensing, see this TechDocs article: About GlobalProtect Licenses.

 

If you need some help configuring your HIP-Based Policy Enforcement, check out the step-by-step instructions in this TechDocs article: Configure HIP-Based Policy Enforcement.

 


 

Thanks for taking the time to read my blog.
If you enjoyed this, please hit the Like (thumbs up) button, and don't forget to subscribe to the LIVEcommunity Blog.

 

As always, we welcome all comments and feedback in the comments section below.

 

Kiwi out!
